Arbitrary Block Modification Vulnerability in Mahara

Arbitrary Block Modification Vulnerability in Mahara

CVE-2013-4431 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the bock id in an edit request.

Learn more about our User Device Pen Test.